From 3640db40257751e6800adb56a3b88ae98236c209 Mon Sep 17 00:00:00 2001
From: Artem Denysov <denysov.artem@gmail.com>
Date: Fri, 18 Mar 2016 17:00:01 +0200
Subject: [PATCH 1/2] Update index.js

---
 index.js | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/index.js b/index.js
index 0bb7a19..d0a8f4f 100644
--- a/index.js
+++ b/index.js
@@ -11,6 +11,7 @@ var regexes = require('buildjs.core/regexes');
 var formatters = require('buildjs.core/formatters');
 var platform = require('buildjs.core/platform');
 var _ = require('underscore');
+var allowUnsafeNewFunction = require('loophole').allowUnsafeNewFunction;
 
 // initialise the default converters
 var converters = {};
@@ -273,9 +274,11 @@ Rigger.prototype.include = function(match, settings, callback) {
 
   // initialise the target
   try {
-    target = _.template(templateText, {
-      interpolate : /\{\{(.+?)\}\}/g
-    })(settings);
+    target = allowUnsafeNewFunction(function() {
+      return _.template(templateText, {
+        interpolate : /\{\{(.+?)\}\}/g
+      })(settings);
+    });
   }
   catch (e) {
     return callback(new Error('Unable to expand variables in include "' + templateText + '"'));

From 553ed2fef77b4b9ddfd88860c967bd41b4eed737 Mon Sep 17 00:00:00 2001
From: Artem Denysov <denysov.artem@gmail.com>
Date: Fri, 18 Mar 2016 17:00:44 +0200
Subject: [PATCH 2/2] Update package.json

---
 package.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/package.json b/package.json
index afbf136..c2460bf 100644
--- a/package.json
+++ b/package.json
@@ -12,7 +12,8 @@
     "buildjs.core": "^1.0.0",
     "debug": "*",
     "getit": "^1.0.0",
-    "underscore": "^1.8.3"
+    "underscore": "^1.8.3",
+    "loophole": "~1.1.0"
   },
   "devDependencies": {
     "coffee-script": "1.9.3",